Title: RE: [ActiveDir] Inter-site Urgent replication
We actually have the holdback and pause cranked down to 30 seconds and 15 seconds on my DC's in my data center sites (all 100Mbs switched with Gig backbone) and it works fine. Had to crank it up to keep Exchange 2000 happy... Heh.
 
As for the bridgeheads, once you get to W2K3 you will get load balancing on your bridgeheads - not dynamic but better than what you have now. You can also look at a tool now called ADLB which will stagger your bridgeheads for a given site. If you have DC's that could potentially be really slow or bad network to them this could be a good thing because one bridgehead can become an anchor if its ONE SINGLE INBOUND REPLICATION thread gets tied up with a bad DC or bad network to a DC until it can finally time it out and dump it which can vary depending on when it went bad... I think the max is something like 40 minutes but it has been a while since I have looked at it. Now if I get something backing me up I run a little perl script that smokes the DNS records and keeps them smoked until I know that DC is back talking properly.
 
But again... each DC has (by default) 25 outbound threads for listening for replication pulls... they all only have ONE inbound thread. If that inbound ties up, that DC is bottlenecked. PSS and I have agreed to disagree that that is a good design. :o) 
 
  joe



From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
Sent: Tuesday, November 18, 2003 10:58 AM
To: [EMAIL PROTECTED]

All:
 
Thanks for the tips and hints.  It seems that urgent replication is working better this AM.  I tracked a locked account from the source DC to the replication partners and it seems to be bypassing the replication schedule.  Too cool...
 
I'm still seeing some delay between the DCs that are "second hop" from the source via the replication topology but it seems to be a result of the new replication topology as opposed to anything else.  As Joe mentioned, the bridgehead server issue between sites comes into play. 
 
I was curious if anyone has tweaked the holdback timing and pause rates.  I'm inclined to tweak those settings to see better replication times as it seems that it has been tweaked already in 2003.  We're planning to go to 2003 after the holidays but want to see if anyone has taken the plunge in Win2K.
 
Diane


From: GRILLENMEIER,GUIDO (HP-Germany,ex1) [mailto:[EMAIL PROTECTED]
Sent: Tuesday, November 18, 2003 1:14 AM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] Inter-site Urgent replication

this is not only useful in the scenario described in this thread - if you generally want to speed up intra-site replication between DCs, you'd also want to work on these settings (not in 2k3, where it's as quick as it can get anyways and where the registry key is removed by default):

Registry Key to change Windows 2000 Replication behavior
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
- Replicator notify pause between DSAs (secs)  => pause between notifications
- Replicator notify pause after modify (secs) => pause to send first notification after a change

Default values: pause after modify / pause between DSAs

    • Windows 2000:  registry values
      • 5 minutes / 30 seconds
    • Windows 2003: new default values if registry keys are not set
      • 15 seconds / 3 seconds
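
An added example, not part of the original message: a small model of how the two pause values compound per hop when a change such as an account lockout spreads by change notification. The topology, DC names and function names are constructed for illustration; the model assumes notification is enabled on every link, that each DC restarts its own "pause after modify" when it receives the change, and it ignores transfer time and inbound queueing.

```python
import heapq

# Pause values in seconds: (pause after modify, pause between DSAs),
# taken from the defaults listed in the message above.
PROFILES = {
    "Windows 2000 defaults": (300, 30),
    "Windows 2003 defaults": (15, 3),
}

# Constructed topology: each DC maps to its ordered change-notification
# partners. DC-A2 and DC-B1 act as the bridgeheads of two sites.
TOPOLOGY = {
    "DC-A1": ["DC-A2"],
    "DC-A2": ["DC-A1", "DC-B1"],
    "DC-B1": ["DC-A2", "DC-B2"],
    "DC-B2": ["DC-B1"],
}

def notify_times(topology, source, pause_after_modify, pause_between_dsas):
    """Earliest notification time per DC, in seconds after the write on source."""
    arrival = {source: 0}
    queue = [(0, source)]
    while queue:
        t, dc = heapq.heappop(queue)
        if t > arrival[dc]:
            continue  # stale queue entry; a faster path was already found
        for k, partner in enumerate(topology.get(dc, [])):
            # First partner waits the holdback; each later one adds a pause.
            t_partner = t + pause_after_modify + k * pause_between_dsas
            if t_partner < arrival.get(partner, float("inf")):
                arrival[partner] = t_partner
                heapq.heappush(queue, (t_partner, partner))
    return arrival

def compare(source="DC-A1"):
    """Notification times for every profile, keyed by profile name."""
    return {name: notify_times(TOPOLOGY, source, *pauses)
            for name, pauses in PROFILES.items()}

if __name__ == "__main__":
    for name, times in compare().items():
        print(name)
        for dc, seconds in sorted(times.items(), key=lambda item: item[1]):
            print(f"  {dc}: notified after {seconds} s")
```

In this constructed three-hop path the far DC is notified after 960 seconds with the Windows 2000 defaults and after 51 seconds with the Windows 2003 defaults.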

_____________________________________________
From:   Rick Kingslan [mailto:[EMAIL PROTECTED]]
Sent:   Tuesday, 18 November 2003 05:34
To:     [EMAIL PROTECTED]
Subject:        RE: [ActiveDir] Inter-site Urgent replication

So, you're thinking with ATM between DCs I can crank up the holdback timing and pause rates?  Neat.....

;op

Rick Kingslan  MCSE, MCSA, MCT
Microsoft MVP - Active Directory
Associate Expert
Expert Zone - www.microsoft.com/windowsxp/expertzone
WebLog - www.msmvps.com/willhack4food
 


_____________________________________________
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe
Sent:   Monday, November 17, 2003 10:23 PM
To:     [EMAIL PROTECTED]
Subject:        RE: [ActiveDir] Inter-site Urgent replication

Cool in that case I would do the same... Also if it is W2K and your bandwidth can truly handle it I would turn down the timing for holdback and pause between dsa's.

  joe


_____________________________________________
From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Diane Ayers
Sent: Monday, November 17, 2003 9:09 PM
To: [EMAIL PROTECTED]

The biggest concern is not really the replication traffic and wanting to throttle the traffic but trying to localize the authentication.  I've turned on change notifications and we'll see how this works.  Thanks for the refresher on urgent replication and good point on the bridge head traffic.

Diane

_____________________________________________
From:   [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe
Sent:   Monday, November 17, 2003 5:41 PM
To:     [EMAIL PROTECTED]
Subject:        RE: [ActiveDir] Inter-site Urgent replication

Urgent replication really isn't... It is urgent queuing of a replication request in actuality or at least from what I have observed. Basically you quickly stick a replication request into the queue of all change notification partners. They process it in the order and priority received... i.e. it would happen before a previously queued GC partition replication but after a previously queued domain partition replication.

You would need to enable change notification between sites to start to see the urgent queuing and doing that will blow out your replication schedules and most all benefits of compression.

HOWEVER, if you were happy with a single site setup, this all would be fine for you... Note however all traffic will STILL go through the bridgeheads. You won't set up a large ring like you had within a single site.

   joe


_____________________________________________
From:  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ayers, Diane
Sent: Monday, November 17, 2003 6:04 PM
To: [EMAIL PROTECTED]

Greetings

In an effort to localize our authentication traffic, we recently implemented a multi-site configuration moving away from our single mega-site (single domain).  All DCs are on high bandwidth links but we are trying to reduce authentication across the WAN.  All inter-site transports are configured for a maximum replication frequency (15 minutes). 

An assumption on my part (and probably erroneous) is that urgent replication triggers such as account lockouts will still bypass inter-site replication schedules and be replicated to all DCs in the domain.  We're getting a smattering of reports that the events such as account lockouts are not getting replicated quickly.  Putting 2 and 2 together, it looks like urgent replication is not carried between sites.  Is my assumption correct and can I enable urgent replication between sites?

Diane
